{
  "threat_severity" : "Moderate",
  "public_date" : "2015-04-07T00:00:00Z",
  "bugzilla" : {
    "description" : "ntp: authentication doesn't protect symmetric associations against DoS attacks",
    "id" : "1199435",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1199435"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "details" : [ "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.", "A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers." ],
  "acknowledgement" : "This issue was discovered by Miroslav Lichvár (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-21T00:00:00Z",
    "advisory" : "RHSA-2015:1459",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "ntp-0:4.2.6p5-5.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2231",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ntp-0:4.2.6p5-22.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "ntp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1799\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1799" ],
  "name" : "CVE-2015-1799",
  "mitigation" : {
    "value" : "To work around this issue, instead of configuring NTP hosts as peers with the 'peer' directive, use the 'server' directive on both hosts so that the connection uses a regular client/server mode of operation.\nMore information about how to configure NTP can be found at:\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_NTP_Using_ntpd.html\nAutokey authentication between NTP peers is not sufficient to fully mitigate this issue.",
    "lang" : "en:us"
  },
  "csaw" : false
}